{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-22T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01.000Z", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970590"}, {"name": "79682", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/79682"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2015-5049", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970590", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970590"}, {"name": "79682", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79682"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:32:32.968Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970590"}, {"name": "79682", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/79682"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2015-5049", "datePublished": "2016-01-01T02:00:00.000Z", "dateReserved": "2015-06-24T00:00:00.000Z", "dateUpdated": "2024-08-06T06:32:32.968Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:openpages_grc_platform:7.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F1D9B2D-B882-45A9-AF54-D560FE221C46", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:openpages_grc_platform:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB412078-9212-4316-A45F-AF499644C0CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:openpages_grc_platform:7.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D39E77EA-25FC-4A9F-B167-CBB59C8F03ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:openpages_grc_platform:7.0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFD2D230-E66B-45E8-A7F2-C94AC2BA75EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:openpages_grc_platform:7.0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "074A183B-2C45-4B5F-A467-3DFA8C5D7E0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:openpages_grc_platform:7.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6A1371BD-17B2-4FA4-B5AA-B5A35F283277", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:openpages_grc_platform:7.1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C0D85B86-EC7C-419C-9612-F869CC1FA243", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la API en IBM OpenPages GRC Platform 7.0 en versiones anteriores a 7.0.0.4 IF3 y 7.1 en versiones anteriores a 7.1.0.1 IF6 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-5049", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-01T05:59:02.707", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970590"}, {"source": "psirt@us.ibm.com", "url": "http://www.securityfocus.com/bid/79682"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970590"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/79682"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}